wmic使用:
1.查看进程详细信息,这个命令会显示进程的很多信息
wmic process where name="java.exe" get /format:value
2.指定显示某些列,可根据上面命令有选择的显示某些字段
wmic process where name="java.exe" get CreationDate,CommandLine,ProcessId
3. name 模糊查询:
WMIC PATH Win32_Process WHERE "name like '%java%'"
更多:https://www.cs.cmu.edu/~tgp/scsadmins/winadmin/WMIC_Queries.txt
更多
查看所有运行中进程的命令行参数:
mic process get caption,commandline /value
查询指定进程的命令行参数:
wmic process where caption="notepad.exe" get caption,commandline /value【精确查找】
wmic process where="caption like 'notepad%'" get caption,commandline /value【模糊查找】
先决条件:
a. 启动Windows Management Instrumentation服务,开放TCP135端口。
b. 本地安全策略的“网络访问: 本地帐户的共享和安全模式”应设为“经典-本地用户以自己的身份验证”。
1. wmic /node:"192.168.1.20" /user:"domainadministrator" /password:"123456"
2.【硬件管理】:
获取磁盘资料:
wmic DISKDRIVE get deviceid,Caption,size,InterfaceType
获取分区资料:
wmic LOGICALDISK get name,Description,filesystem,size,freespace
获取CPU资料:
wmic cpu get name,addresswidth,processorid
获取主板资料:
wmic BaseBoard get Manufacturer,Product,Version,SerialNumber
获取内存数:
wmic memlogical get totalphysicalmemory
获得品牌机的序列号:
wmic csproduct get IdentifyingNumber
获取声卡资料:
wmic SOUNDDEV get ProductName
获取屏幕分辨率
wmic DESKTOPMONITOR where Status='ok' get ScreenHeight,ScreenWidth
3. PROCESS【进程管理】:
列出进程
wmic process list brief
(Full显示所有、Brief显示摘要、Instance显示实例、Status显示状态)
wmic 获取进程路径:
wmic process where name="jqs.exe" get executablepath
wmic 创建新进程
wmic process call create notepad
wmic process call create "C:Program FilesTencentQQQQ.exe"
wmic process call create "shutdown.exe -r -f -t 20"
wmic 删除指定进程:
wmic process where name="qq.exe" call terminate
wmic process where processid="2345" delete
wmic process 2345 call terminate
wmic 删除可疑进程
wmic process where "name='explorer.exe' and executablepath<>'%SystemDrive%\windows\explorer.exe'" delete
wmic process where "name='svchost.exe' and ExecutablePath<>'C:\WINDOWS\system32\svchost.exe'" call Terminate
3. USERACCOUNT【账号管理】:
更改当前用户名
WMIC USERACCOUNT where "name='%UserName%'" call rename newUserName
WMIC USERACCOUNT create /?
4. SHARE【共享管理】:
建立共享
WMIC SHARE CALL Create "","test","3","TestShareName","","c: est",0
(可使用 WMIC SHARE CALL Create /? 查看create后的参数类型)
删除共享
WMIC SHARE where name="C$" call delete
WMIC SHARE where path='c:\test' delete
5. SERVICE【服务管理】:
更改telnet服务启动类型[Auto|Disabled|Manual]
wmic SERVICE where name="tlntsvr" set startmode="Auto"
运行telnet服务
wmic SERVICE where name="tlntsvr" call startservice
停止ICS服务
wmic SERVICE where name="ShardAccess" call stopservice
删除test服务
wmic SERVICE where name="test" call delete
6. FSDIR【目录管理】
列出c盘下名为test的目录
wmic FSDIR where "drive='c:' and filename='test'" list
删除c:good文件夹
wmic fsdir "c:\test" call delete
重命名c: est文件夹为abc
wmic fsdir "c:\test" rename "c:abc"
wmic fsdir where (name='c:\test') rename "c:abc"
复制文件夹
wmic fsdir where name='d:\test' call copy "c:\test"
7.datafile【文件管理】
重命名
wmic datafile "c:\test.txt" call rename c:abc.txt
8.【任务计划】:
wmic job call create "notepad.exe",0,0,true,false,********154800.000000+480
wmic job call create "explorer.exe",0,0,1,0,********154600.000000+480